~sircmpwn/git.sr.ht

3dcb94204fcb8d78cf606f71a9b0ce943b38abe8 — Drew DeVault 1 year, 8 months ago b063dbd 0.83.5
archive: fix command injection
1 files changed, 1 insertions(+), 0 deletions(-)

M gitsrht/blueprints/repo.py
M gitsrht/blueprints/repo.py => gitsrht/blueprints/repo.py +1 -0
@@ 427,6 427,7 @@ def archive(owner, repo, ref):
            "archive",
            "--format=tar.gz",
            "--prefix", f"{repo.name}-{refname}/",
            "--",
            ref
        ]
        subp = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=sys.stderr)